syslogngek

Differences

This shows you the differences between two versions of the page.

syslogngek [2015/10/02 15:41]
ian created
syslogngek [2020/02/13 22:55] (current)
Line 1: Line 1:
 ====== Syslog-ng / Elasticsearch / Kibana ====== ====== Syslog-ng / Elasticsearch / Kibana ======
 +
 +Elasticsearch is used index and make all logs searchable.
 +
 +Kibana provides a web interface to the search and configure visualization.
  
 Syslog-ng can send logs directly to elasticsearch, so the setup is like ELK without using logstash. Syslog-ng can send logs directly to elasticsearch, so the setup is like ELK without using logstash.
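Review bot: the two added sentences need a grammar pass before they land. "Elasticsearch is used index and make all logs searchable" is missing "to"; suggest "Elasticsearch is used to index all logs and make them searchable". "Kibana provides a web interface to the search and configure visualization" reads better as "Kibana provides a web interface for searching the logs and configuring visualizations". The unchanged line after them, saying this is ELK without Logstash because syslog-ng writes to Elasticsearch itself, is accurate as written.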
Line 17: Line 21:
 </code> </code>
  
-<note>+<note tip>
 Syslog-ng 3.7 can run elasticsearch directly, because the version in Ubuntu 14.04 is 3.5 we use a glue module. Syslog-ng 3.7 can run elasticsearch directly, because the version in Ubuntu 14.04 is 3.5 we use a glue module.
 </note> </note>
  
-<code> +Puppet Manifesthttps://bitbucket.org/snippets/iansamuel/LLEag
-:~# cd /usr/src +
- +
-:/usr/src# wget http://mirrors.kernel.org/ubuntu/pool/universe/s/syslog-ng-incubator/syslog-ng-mod-elasticsearch_0.3.3-1build1_all.deb +
- +
-:/usr/src# dpkg -i syslog-ng-mod-elasticsearch_0.3.3-1build1_all.deb +
-</code> +
- +
-===== ElasticSearch ===== +
- +
-https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-repositories.html+
  
 <code> <code>
-:~# wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - +puppet apply /etc/puppet/manifests/syslog-ng-mod-elasticsearch.pp
- +
-:~# echo "deb http://packages.elastic.co/elasticsearch/1.7/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-1.7.list +
- +
-:~# aptitude update && aptitude install elasticsearch default-jre-headless +
- +
-:~# update-rc.d elasticsearch defaults 95 10 +
- +
-:~# service elasticsearch start +
- * Starting Elasticsearch Server+
 </code> </code>
  
-===== Kibana =====+===== ElasticSearch / Kibana =====
  
 +https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-repositories.html \\
 https://www.elastic.co/downloads/kibana https://www.elastic.co/downloads/kibana
 +
 +Puppet Manifest: https://bitbucket.org/snippets/iansamuel/yqj5k
  
 <code> <code>
-:~# cd /usr/src +puppet apply /etc/puppet/manifests/elasticsearch-kibana.pp
- +
-:/usr/src# wget -c https://download.elastic.co/kibana/kibana/kibana-4.1.2-linux-x64.tar.gz +
- +
-:/usr/src# cd /usr/local/ +
- +
-:/usr/local# tar xvzf /usr/src/kibana-*gz +
- +
-:/usr/local# ln -s kibana-4.1.2-linux-x64 kibana +
- +
-:/usr/local# echo "/usr/local/kibana/bin/kibana | logger -t kibana &" >> /etc/rc.local +
- +
-:/usr/local# /usr/local/kibana/bin/kibana | logger -t kibana &+
 </code> </code>
- 
 ====== Configuration ====== ====== Configuration ======
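Review bot: replacing the inline install steps with `puppet apply` of two Bitbucket snippets hides what actually gets installed, so the page should at least state what the manifests pin. The removed lines fixed every version (syslog-ng-mod-elasticsearch 0.3.3-1build1, the Elasticsearch 1.7 apt repository keyed with GPG-KEY-elasticsearch, Kibana 4.1.2), while the new text only links to the "current" Elastic setup page; a reader who follows it with current packages will not match the 3.5-era glue module the tip above says this setup depends on. Two details from the removed block also deserve a sentence here so the manifests are not assumed to repeat them: Kibana was started from /etc/rc.local, which runs it as root with no dedicated service user, and neither the Elasticsearch nor the Kibana listener was given any bind address or access restriction. Minor: "Puppet Manifesthttps://..." on the first added line is missing the ": " that the second manifest link has, and the tip would be clearer as "syslog-ng 3.7 has a native elasticsearch() destination".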
  
Line 73: Line 48:
 <code> <code>
 @include "scl/elasticsearch/plugin.conf" @include "scl/elasticsearch/plugin.conf"
 +
 +source s_net { udp(); };  # All interfaces
  
 destination d_elastic { destination d_elastic {
        elasticsearch(        elasticsearch(
 +         host("localhost")
          index("syslog-ng")          index("syslog-ng")
        );        );
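Review bot: `source s_net { udp(); };` binds UDP/514 on every interface with no `ip()` restriction and no ACL, so anything that can reach the host can inject arbitrary lines into the syslog-ng index, and because the transport is UDP the source address of those lines cannot be trusted either. Suggest either `udp(ip("ADDRESS") port(514))` with ADDRESS set to a management-only interface plus a matching firewall rule, or `tcp()` with `tls()` for remote senders, and make the comment say the exposure is deliberate rather than just "All interfaces". On the destination, `host("localhost")` is added but no `port()`; state which port the 0.3.3 module defaults to (Elasticsearch 1.7 listens on 9200 for HTTP and 9300 for transport) so readers are not left guessing when it does not connect.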
Line 81: Line 59:
  
 log { log {
-    source(s_src);+    source(s_net);
     destination(d_elastic);     destination(d_elastic);
     flags(flow-control);     flags(flow-control);
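Review bot: changing `source(s_src)` to `source(s_net)` removes the local source from this log path, so after this edit only messages arriving over UDP are indexed and the collector's own local logs no longer reach Elasticsearch. If the intent is to index both, list both sources in the same log statement: `source(s_src); source(s_net);`. If s_src was dropped on purpose, say so next to the log block, because the diff gives no reason for it.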
syslogngek.1443814878.txt.gz · Last modified: 2020/02/13 22:55 (external edit)
